Vulnerabilities > CVE-2009-0949 - Use of Uninitialized Resource vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
network
low complexity
apple
canonical
debian
opensuse
suse
CWE-908
nessus
exploit available

Summary

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.

Vulnerable Configurations

Part | Description | Count
Application | Apple | 80
OS | Canonical | 4
OS | Debian | 3
OS | Apple | 106
OS | Opensuse | 1
OS | Suse | 2

Common Weakness Enumeration (CWE)

Exploit-Db

description: CUPS 1.3.9 'cups/ipp.c' NULL Pointer Dereference Denial Of Service Vulnerability. CVE-2009-0949. DoS exploit for Linux platform
id: EDB-ID:33020
last seen: 2016-02-03
modified: 2009-06-02
published: 2009-06-02
reporter: Anibal Sacco
source: https://www.exploit-db.com/download/33020/
title: CUPS <= 1.3.9 - 'cups/ipp.c' NULL Pointer Dereference Denial Of Service Vulnerability

Nessus

  • NASL family: Misc.
    NASL id: CUPS_1_3_10.NASL
    description: According to its banner, the version of CUPS installed on the remote host is earlier than 1.3.10. Such versions are affected by several issues : - A potential integer overflow in the PNG image validation code in …
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36183
    published: 2009-04-17
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36183
    title: CUPS < 1.3.10 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set the plugin only declares the
    # metadata below and exits; the version check follows the closing brace.
    if (description)
    {
      script_id(36183);
      script_version("1.24");
      script_cvs_date("Date: 2018/11/15 20:50:23");
    
      # One plugin id covers five CVEs that the plugin ties to CUPS versions
      # earlier than 1.3.10; CVE-2009-0949 is the ippReadIO() initialization
      # flaw listed last in the description text.
      script_cve_id(
        "CVE-2008-5286",
        "CVE-2009-0163",
        "CVE-2009-0164",
        "CVE-2009-0195",
        "CVE-2009-0949"
      );
      script_bugtraq_id(32518, 34571, 34665, 34791, 35169);
      script_xref(name:"Secunia", value:"34481");
    
      script_name(english:"CUPS < 1.3.10 Multiple Vulnerabilities");
      script_summary(english:"Checks CUPS server version");
    
      script_set_attribute(attribute:"synopsis", value:"The remote printer service is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the version of CUPS installed on the remote
    host is earlier than 1.3.10. Such versions are affected by several
    issues :
    
      - A potential integer overflow in the PNG image validation
        code in '_cupsImageReadPNG()' could allow an attacker to
        crash the affected service or possibly execute arbitrary
        code. (STR #2974)
    
      - A heap-based integer overflow exists in
        '_cupsImageReadTIFF()' due to a failure to properly
        validate the image height of a specially crafted TIFF
        file, which can be leveraged to execute arbitrary code.
        (STR #3031)
    
      - The web interface may be vulnerable to DNS rebinding
        attacks due to a failure to validate the HTTP Host
        header in incoming requests. (STR #3118)
    
      - A heap-based buffer overflow in pdftops allows remote
        attackers to execute arbitrary code via a PDF file with
        crafted JBIG2 symbol dictionary segments.
        (CVE-2009-0195)
    
      - Flawed 'ip' structure initialization in the function
        'ippReadIO()' could allow an anonymous remote attacker
        to crash the application via a malicious IPP request
        packet with two consecutives IPP_TAG_UNSUPPORTED tags.
        (CVE-2009-0949)");
    
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L2974");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3031");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3118");
      script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2009-18/");
      script_set_attribute(attribute:"see_also", value:"http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/504032/30/0/threaded");
      script_set_attribute(attribute:"see_also", value:"http://www.cups.org/articles.php?L582");
      script_set_attribute(attribute:"solution", value:"Upgrade to CUPS version 1.3.10 or later.");
      # NOTE(review): a single CVSS2 vector (partial C/I/A) is declared for the
      # whole bundle. The ippReadIO() item is described above only as a crash,
      # so rate CVE-2009-0949 on its own impact when triaging.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      # NOTE(review): none of these CWE ids names uninitialized memory, although
      # the description attributes CVE-2009-0949 to flawed structure
      # initialization - confirm the mapping before relying on it.
      script_cwe_id(20, 119, 189, 399);
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/17");
    
      # Marked as a potential finding: per the description the verdict comes from
      # the service banner, not from probing the flaws.
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:cups");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      # Presumably the listed plugins populate the "www/..." and "cups/..." KB
      # entries read after registration, and requiring "Settings/ParanoidReport"
      # limits the plugin to paranoid scans - TODO confirm.
      script_dependencies("http_version.nasl", "cups_1_3_5.nasl");
      script_require_keys("www/cups", "Settings/ParanoidReport");
      script_require_ports("Services/www", 631);
    
      # Nothing else runs during registration.
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    # Version-string check: reads the CUPS version recorded in the KB for the
    # detected web port and flags anything earlier than 1.3.10. No IPP request
    # is built or sent in this block.
    port = get_http_port(default:631, embedded:TRUE);
    # Going by the helper's name, a missing key ends the plugin here.
    get_kb_item_or_exit("www/"+port+"/cups/running");
    
    version = get_kb_item_or_exit("cups/"+port+"/version");
    source  = get_kb_item_or_exit("cups/"+port+"/source");
    
    # Report only at paranoia level 2 or above. Presumably because a version
    # string cannot show vendor-backported fixes - TODO confirm.
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    # First pattern: 1.0.x-1.2.x and 1.3.0-1.3.9; the trailing ($|[^0-9]) stops
    # 1.10+ and 1.3.10+ from matching. Second pattern: 1.3 "rc" and "b" builds.
    if (
      version =~ "^1\.([0-2]|3\.[0-9])($|[^0-9])" ||
      version =~ "^1\.3(rc|b)"
    )
    {
      if (report_verbosity > 0)
      {
        # Show where the version came from so the finding can be re-checked
        # against the host's real patch level.
        report = '\n  Version source    : ' + source +
                 '\n  Installed version : ' + version +
                 '\n  Fixed version     : 1.3.10\n';
    
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    # A bare "1" or "1.3" has no further numeric component, so it cannot be
    # compared with 1.3.10: audit it as not granular instead of guessing.
    else if (version =~ "^(1|1\.3)($|[^0-9.])") audit(AUDIT_VER_NOT_GRANULAR, "CUPS", port, version);
    else audit(AUDIT_LISTEN_NOT_VULN, "CUPS", port, version);
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2009-005.NASL
    description: The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-005 applied. This security update contains fixes for the following products : - Alias Manager - CarbonCore - ClamAV - ColorSync - CoreGraphics - CUPS - Flash Player plug-in - ImageIO - Launch Services - MySQL - PHP - SMB - Wiki Server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40945
    published: 2009-09-11
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40945
    title: Mac OS X Multiple Vulnerabilities (Security Update 2009-005)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # Engine guards: exit quietly when bn_random() is not defined or when the
    # NASL level is below 3004, before anything else in the plugin is evaluated.
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3004) exit(0);
    
    include("compat.inc");
    
    
    # Registration phase: when `description` is set the plugin only declares the
    # metadata below and exits; the installed-update check follows the brace.
    if (description)
    {
      script_id(40945);
      script_version("1.21");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      # The CVE list spans every product fixed by Security Update 2009-005;
      # CVE-2009-0949 is one entry among them (CUPS is in the product list of the
      # description text).
      script_cve_id("CVE-2008-2079", "CVE-2008-5498", "CVE-2008-6680", "CVE-2009-0590", "CVE-2009-0591",
                    "CVE-2009-0789", "CVE-2009-0949", "CVE-2009-1241", "CVE-2009-1270", "CVE-2009-1271",
                    "CVE-2009-1272", "CVE-2009-1371", "CVE-2009-1372", "CVE-2009-1862", "CVE-2009-1863",
                    "CVE-2009-1864", "CVE-2009-1865", "CVE-2009-1866", "CVE-2009-1867", "CVE-2009-1868",
                    "CVE-2009-1869", "CVE-2009-1870", "CVE-2009-2468", "CVE-2009-2800", "CVE-2009-2803",
                    "CVE-2009-2804", "CVE-2009-2805", "CVE-2009-2807", "CVE-2009-2809", "CVE-2009-2811",
                    "CVE-2009-2812", "CVE-2009-2813", "CVE-2009-2814");
      script_bugtraq_id(
        29106,
        33002,
        34256,
        34357,
        35759,
        36350,
        36354,
        36355,
        36357,
        36358,
        36359,
        36360,
        36361,
        36363,
        36364
      );
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-005)");
      script_summary(english:"Check for the presence of Security Update 2009-005");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.5 or 10.4 that
    does not have Security Update 2009-005 applied.
    
    This security update contains fixes for the following products :
    
      - Alias Manager
      - CarbonCore
      - ClamAV
      - ColorSync
      - CoreGraphics
      - CUPS
      - Flash Player plug-in
      - ImageIO
      - Launch Services
      - MySQL
      - PHP
      - SMB
      - Wiki Server"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT3865"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://www.securityfocus.com/advisories/17867"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install Security Update 2009-005 or later."
      );
      # NOTE(review): the complete-impact vector and the exploit/malware flags
      # below are declared once for the whole update. They do not say which of
      # the listed CVEs they stem from, so do not read them as the rating of
      # CVE-2009-0949 alone.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(20, 59, 79, 94, 119, 189, 200, 264, 287, 399);
      script_set_attribute(attribute:"patch_publication_date", value:"2009/09/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/11");
    
      # Declared as a local check: the code after registration reads only KB
      # items ("Host/uname", "Host/MacOSX/packages...").
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
      # Presumably ssh_get_info.nasl is what fills the required KB keys - TODO
      # confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
      # Nothing else runs during registration.
      exit(0);
    }
    
    #
    
    # Receipt-based check: decides from the collected uname string and package
    # listing whether Security Update 2009-005 (or a later one) is recorded as
    # installed.
    # NOTE(review): nothing here inspects the CUPS binaries themselves; the
    # verdict is only as accurate as the package data stored in the KB.
    uname = get_kb_item("Host/uname");
    if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
    
    # Darwin 8.0-8.11 branch (presumably Mac OS X 10.4, per the description).
    if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing.");
    
      # A SecUpd/SecUpdSrvr entry numbered 2009-005..2009-009, or dated 2010 or
      # later, counts as fixed.
      if (egrep(pattern:"^SecUpd(Srvr)?(2009-00[5-9]|20[1-9][0-9]-)", string:packages))
        exit(0, "The host has Security Update 2009-005 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    # Darwin 9.0-9.8 branch (presumably Mac OS X 10.5): same idea, but matched
    # against the "boms" listing and its com.apple.pkg.update.security.* names.
    else if (egrep(pattern:"Darwin.* (9\.[0-8]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");
    
      if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[5-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages))
        exit(0, "The host has Security Update 2009-005 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    # Any other Darwin release is outside the two ranges this plugin evaluates
    # and exits as not affected.
    else exit(0, "The host is not affected.");
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2009-1083.NASL
    description: Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS …
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39303
    published: 2009-06-04
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/39303
    title: CentOS 3 / 4 : cups (CESA-2009:1083)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1083 and 
    # CentOS Errata and Security Advisory 2009:1083 respectively.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set the plugin only declares the
    # metadata below and exits; the RPM comparison follows the closing brace.
    if (description)
    {
      script_id(39303);
      script_version("1.20");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      # Three CVEs are bundled: the pdftops overflows (CVE-2009-0791), the
      # IPP NULL pointer dereference (CVE-2009-0949) and the scheduler
      # use-after-free (CVE-2009-1196), as spelled out in the description text.
      script_cve_id("CVE-2009-0791", "CVE-2009-0949", "CVE-2009-1196");
      script_bugtraq_id(35169);
      script_xref(name:"RHSA", value:"2009:1083");
    
      script_name(english:"CentOS 3 / 4 : cups (CESA-2009:1083)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cups packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 3 and 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Common UNIX(r) Printing System (CUPS) provides a portable printing
    layer for UNIX operating systems. The Internet Printing Protocol (IPP)
    allows users to print and manage printing-related tasks over a
    network. The CUPS 'pdftops' filter converts Portable Document Format
    (PDF) files to PostScript. 'pdftops' is based on Xpdf and the CUPS
    imaging library.
    
    A NULL pointer dereference flaw was found in the CUPS IPP routine,
    used for processing incoming IPP requests for the CUPS scheduler. An
    attacker could use this flaw to send specially crafted IPP requests
    that would crash the cupsd daemon. (CVE-2009-0949)
    
    A use-after-free flaw was found in the CUPS scheduler directory
    services routine, used to process data about available printers and
    printer classes. An attacker could use this flaw to cause a denial of
    service (cupsd daemon stop or crash). (CVE-2009-1196)
    
    Multiple integer overflows flaws, leading to heap-based buffer
    overflows, were found in the CUPS 'pdftops' filter. An attacker could
    create a malicious PDF file that would cause 'pdftops' to crash or,
    potentially, execute arbitrary code as the 'lp' user if the file was
    printed. (CVE-2009-0791)
    
    Red Hat would like to thank Anibal Sacco from Core Security
    Technologies for reporting the CVE-2009-0949 flaw, and Swen van
    Brussel for reporting the CVE-2009-1196 flaw.
    
    Users of cups are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    this update, the cupsd daemon will be restarted automatically."
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-June/015957.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d3899c64"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-June/015958.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?423f1b34"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-June/015959.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8b1ea8b4"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-June/015960.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7ea3527d"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      # NOTE(review): one CVSS2 vector (partial C/I/A) is declared for all three
      # CVEs. The description presents CVE-2009-0949 only as a cupsd crash, so
      # rate that CVE on its own impact when triaging.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      # NOTE(review): vuln_publication_date (2009/06/09) is later than
      # patch_publication_date (2009/06/03) - confirm the dates against the
      # advisory.
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      # Presumably ssh_get_info.nasl is what fills the required "Host/..." KB
      # keys - TODO confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      # Nothing else runs during registration.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Local package check for CentOS 3 / 4: validates the collected host facts,
    # then compares installed cups packages with the fixed builds below.
    # rpm_check() comes from rpm.inc; it is assumed to return true when the
    # installed package is older than `reference` - TODO confirm.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    # Pull the major release number out of the release string.
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    # Only majors 3 and 4 are in scope for this advisory.
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Architecture gate: x86_64, ia64 and i386-i686 are accepted.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"cups-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"cups-devel-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"cups-libs-1.1.17-13.3.62")) flag++;
    
    # NOTE(review): every CentOS-4 comparison is restricted to cpu:"ia64", so an
    # i386 or x86_64 CentOS 4 host passes the gate above but gets no package
    # comparison here. Confirm against the advisory whether that coverage gap is
    # intended before treating a clean result as "patched".
    if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"cups-1.1.22-0.rc1.9.32.c4.3")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"cups-devel-1.1.22-0.rc1.9.32.c4.3")) flag++;
    if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"cups-libs-1.1.22-0.rc1.9.32.c4.3")) flag++;
    
    
    if (flag)
    {
      # At least one comparison fired: report with the rpm helper's details.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Distinguish "packages present and not affected" from "cups not
      # installed" in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_CUPS-6279.NASL
    description: The …
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41495
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41495
    title: SuSE 10 Security Update : CUPS (ZYPP Patch Number 6279)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set the plugin only declares the
    # metadata below and exits; the RPM comparison follows the closing brace.
    if (description)
    {
      script_id(41495);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:36");
    
      # Two CVEs are bundled: the pdftops integer overflows (CVE-2009-0791) and
      # the cupsd crash on IPP requests with multiple unsupported tags
      # (CVE-2009-0949), as stated in the description text.
      script_cve_id("CVE-2009-0791", "CVE-2009-0949");
    
      script_name(english:"SuSE 10 Security Update : CUPS (ZYPP Patch Number 6279)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The 'pdftops' was prone to several integer overflows (CVE-2009-0791).
    The cups daemon could crash when receiving IPP requests with multiple
    unsupported tags. (CVE-2009-0949)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-0791.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-0949.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6279.");
      # NOTE(review): one CVSS2 vector (partial C/I/A) is declared for both CVEs.
      # The description presents CVE-2009-0949 only as a daemon crash, so rate
      # that CVE on its own impact when triaging.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # Presumably ssh_get_info.nasl is what fills the required "Host/..." KB
      # keys - TODO confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      # Nothing else runs during registration.
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Local package check for SLED10 / SLES10 SP2: validates the collected host
    # facts, then compares installed cups packages with build 1.1.23-40.55.
    # rpm_check() comes from rpm.inc; it is assumed to return true when the
    # installed package is older than `reference` - TODO confirm.
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    # NOTE(review): `cpu >!< "x86_64"` tests that cpu is NOT a substring of
    # "x86_64" (left operand searched for in the right one). It behaves as
    # intended for the exact value "x86_64", but any fragment of that string,
    # presumably including an empty cpu value, would also pass the gate.
    # `"x86_64" >!< cpu` is the stricter spelling - confirm before changing.
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    # One comparison per package and product; the 32-bit compatibility library
    # is only compared on x86_64.
    flag = 0;
    if (rpm_check(release:"SLED10", sp:2, reference:"cups-1.1.23-40.55")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"cups-client-1.1.23-40.55")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"cups-devel-1.1.23-40.55")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"cups-libs-1.1.23-40.55")) flag++;
    if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"cups-libs-32bit-1.1.23-40.55")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"cups-1.1.23-40.55")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"cups-client-1.1.23-40.55")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"cups-devel-1.1.23-40.55")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"cups-libs-1.1.23-40.55")) flag++;
    if (rpm_check(release:"SLES10", sp:2, cpu:"x86_64", reference:"cups-libs-32bit-1.1.23-40.55")) flag++;
    
    
    if (flag)
    {
      # Attach the rpm helper's details only when verbosity asks for them.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    # NOTE(review): only SP2 is compared, and a host with no cups packages ends
    # up in the same "not affected" exit as a patched one.
    else exit(0, "The host is not affected.");
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20090603_CUPS_ON_SL3_X.NASL
    description: A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) A use-after-free flaw was found in the CUPS scheduler directory services routine, used to process data about available printers and printer classes. An attacker could use this flaw to cause a denial of service (cupsd daemon stop or crash). (CVE-2009-1196) Multiple integer overflows flaws, leading to heap-based buffer overflows, were found in the CUPS …
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60592
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60592
    title: Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    # Registration phase: when `description` is set the plugin only declares the
    # metadata below and exits; the RPM comparison follows the closing brace.
    if (description)
    {
      script_id(60592);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:18");
    
      # Three CVEs are bundled: the pdftops overflows (CVE-2009-0791), the IPP
      # NULL pointer dereference (CVE-2009-0949) and the scheduler use-after-free
      # (CVE-2009-1196), as spelled out in the description text.
      script_cve_id("CVE-2009-0791", "CVE-2009-0949", "CVE-2009-1196");
    
      script_name(english:"Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A NULL pointer dereference flaw was found in the CUPS IPP routine,
    used for processing incoming IPP requests for the CUPS scheduler. An
    attacker could use this flaw to send specially crafted IPP requests
    that would crash the cupsd daemon. (CVE-2009-0949)
    
    A use-after-free flaw was found in the CUPS scheduler directory
    services routine, used to process data about available printers and
    printer classes. An attacker could use this flaw to cause a denial of
    service (cupsd daemon stop or crash). (CVE-2009-1196)
    
    Multiple integer overflows flaws, leading to heap-based buffer
    overflows, were found in the CUPS 'pdftops' filter. An attacker could
    create a malicious PDF file that would cause 'pdftops' to crash or,
    potentially, execute arbitrary code as the 'lp' user if the file was
    printed. (CVE-2009-0791)
    
    After installing this update, the cupsd daemon will be restarted
    automatically."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0906&L=scientific-linux-errata&T=0&P=75
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ebbe7ff1"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): one CVSS2 vector (partial C/I/A) is declared for all three
      # CVEs. The description presents CVE-2009-0949 only as a cupsd crash, so
      # rate that CVE on its own impact when triaging.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(189, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      # The plugin was published years after the patch (2012 vs 2009).
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      # Scientific Linux hosts are read through the "Host/RedHat/..." KB keys;
      # presumably ssh_get_info.nasl is what fills them - TODO confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      # Nothing else runs during registration.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Local package check for Scientific Linux 3 / 4 / 5: validates the collected
    # host facts, then compares installed cups packages with the fixed builds.
    # rpm_check() comes from rpm.inc; it is assumed to return true when the
    # installed package is older than `reference` - TODO confirm.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # The release string is stored under the RedHat key, so the product name is
    # what separates Scientific Linux from other hosts using that key.
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # NOTE(review): `cpu >!< "x86_64"` tests that cpu is NOT a substring of
    # "x86_64" (left operand searched for in the right one). It behaves as
    # intended for the exact value "x86_64", but any fragment of that string,
    # presumably including an empty cpu value, would also pass the gate.
    # `"x86_64" >!< cpu` is the stricter spelling - confirm before changing.
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    # One comparison per package and release; the reference builds differ per
    # major version (1.1.17 on SL3, 1.1.22 on SL4, 1.3.7 on SL5).
    flag = 0;
    if (rpm_check(release:"SL3", reference:"cups-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"SL3", reference:"cups-devel-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"SL3", reference:"cups-libs-1.1.17-13.3.62")) flag++;
    
    if (rpm_check(release:"SL4", reference:"cups-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    if (rpm_check(release:"SL4", reference:"cups-devel-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    if (rpm_check(release:"SL4", reference:"cups-libs-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    
    # The SL5 reference build (1.3.7-8.el5_3.6) is numerically below upstream
    # 1.3.10, so a pure upstream version comparison would still flag a host
    # carrying it; the package release string is what this check relies on.
    if (rpm_check(release:"SL5", reference:"cups-1.3.7-8.el5_3.6")) flag++;
    if (rpm_check(release:"SL5", reference:"cups-devel-1.3.7-8.el5_3.6")) flag++;
    if (rpm_check(release:"SL5", reference:"cups-libs-1.3.7-8.el5_3.6")) flag++;
    if (rpm_check(release:"SL5", reference:"cups-lpd-1.3.7-8.el5_3.6")) flag++;
    
    
    if (flag)
    {
      # Attach the rpm helper's details only when verbosity asks for them.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    # NOTE(review): a host with no cups packages installed takes the same
    # "not affected" audit path as a patched one.
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-780-1.NASL
    description: Anibal Sacco discovered that CUPS did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39311
    published: 2009-06-04
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/39311
    title: Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : cups, cupsys vulnerability (USN-780-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-780-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Plugin registration. When `description` is set, only the metadata below is
    # declared and the block ends in exit(0), so none of the host checks further
    # down run in that mode.
    if (description)
    {
      script_id(39311);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      # Identifiers this plugin reports against: one CVE, one Bugtraq id, one USN.
      script_cve_id("CVE-2009-0949");
      script_bugtraq_id(35169);
      script_xref(name:"USN", value:"780-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : cups, cupsys vulnerability (USN-780-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Anibal Sacco discovered that CUPS did not properly handle certain
    network operations. A remote attacker could exploit this flaw and
    cause the CUPS server to crash, resulting in a denial of service.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/780-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network reachable, low complexity, no authentication,
      # availability impact only (A:P) - consistent with the crash / denial of
      # service described above.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      # CVSS v2 temporal vector: functional exploit (E:F), official fix available
      # (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      # CWE-399 is the broad "Resource Management Errors" category.
      script_cwe_id(399);
    
      # "local": the verdict is computed from data collected on the host (the
      # dpkg listing required below), not from probing the CUPS service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Package CPEs cover both the older "cupsys" and the newer "cups" package
      # names, followed by the four affected Ubuntu releases.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-bsd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcups2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcups2-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsys2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/04");
      script_end_attributes();
    
      # Categorised as information gathering.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # Knowledge-base items required before the plugin runs; presumably they are
      # populated by ssh_get_info.nasl - confirm. "Host/local_checks_enabled" is
      # not listed here and is tested at run time in the check section instead.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Host gating. Each guard hands control to audit() with a reason code when
    # its precondition fails; the code that follows assumes the guard passed.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    # Only the four releases named in USN-780-1 are evaluated; any other release
    # string is audited out as an unsupported OS version, not as "not affected".
    if (! ereg(pattern:"^(6\.06|8\.04|8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10 / 9.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: only x86_64 and i386-i686 hosts are evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # flag counts how many package comparisons reported a hit.
    flag = 0;
    
    # One comparison per (release, package) pair against the version carried in
    # the advisory. ubuntu_check() lives in ubuntu.inc (not shown); presumably it
    # returns true when the installed package is older than pkgver - confirm.
    # Every comparison is evaluated; none is skipped after the first hit.
    # NOTE(review): the verdict is derived from the collected dpkg listing only.
    # Nothing here inspects the running cupsd process, so the result says which
    # package version is installed, not which binary is currently serving IPP.
    if (ubuntu_check(osver:"6.06", pkgname:"cupsys", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"cupsys-bsd", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"cupsys-client", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libcupsimage2", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libcupsimage2-dev", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libcupsys2", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libcupsys2-dev", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libcupsys2-gnutls10", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"cupsys", pkgver:"1.3.7-1ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"cupsys-bsd", pkgver:"1.3.7-1ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"cupsys-client", pkgver:"1.3.7-1ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"cupsys-common", pkgver:"1.3.7-1ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libcupsimage2", pkgver:"1.3.7-1ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libcupsimage2-dev", pkgver:"1.3.7-1ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libcupsys2", pkgver:"1.3.7-1ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libcupsys2-dev", pkgver:"1.3.7-1ubuntu3.5")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"cups", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"cups-bsd", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"cups-client", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"cups-common", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"cups-dbg", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"cupsys", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"cupsys-bsd", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"cupsys-client", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"cupsys-common", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"cupsys-dbg", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libcups2", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libcups2-dev", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libcupsimage2", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libcupsimage2-dev", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libcupsys2", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libcupsys2-dev", pkgver:"1.3.9-2ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"cups", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"cups-bsd", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"cups-client", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"cups-common", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"cups-dbg", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"cupsys", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"cupsys-bsd", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"cupsys-client", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"cupsys-common", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"cupsys-dbg", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libcups2", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libcups2-dev", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libcupsimage2", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libcupsimage2-dev", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libcupsys2", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libcupsys2-dev", pkgver:"1.3.9-17ubuntu3.1")) flag++;
    
    # At least one hit: report a warning-level finding on port 0 with the text
    # returned by ubuntu_report_get() (defined in ubuntu.inc, not shown).
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # No hit: separate "tested and not affected" from "none of these packages
      # were found", so a clean audit is not mistaken for a patched host.
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-bsd / cups-client / cups-common / cups-dbg / cupsys / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-1083.NASL
    description: Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39307
    published: 2009-06-04
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/39307
    title: RHEL 3 / 4 : cups (RHSA-2009:1083)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1083. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Plugin registration. When `description` is set, only the metadata below is
    # declared and the block ends in exit(0), so none of the host checks further
    # down run in that mode.
    if (description)
    {
      script_id(39307);
      script_version ("1.28");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      # This advisory bundles three CVEs; a finding from this plugin does not by
      # itself say which of them applies to the host.
      script_cve_id("CVE-2009-0791", "CVE-2009-0949", "CVE-2009-1196");
      script_bugtraq_id(35169);
      script_xref(name:"RHSA", value:"2009:1083");
    
      script_name(english:"RHEL 3 / 4 : cups (RHSA-2009:1083)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cups packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 3 and 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Common UNIX(r) Printing System (CUPS) provides a portable printing
    layer for UNIX operating systems. The Internet Printing Protocol (IPP)
    allows users to print and manage printing-related tasks over a
    network. The CUPS 'pdftops' filter converts Portable Document Format
    (PDF) files to PostScript. 'pdftops' is based on Xpdf and the CUPS
    imaging library.
    
    A NULL pointer dereference flaw was found in the CUPS IPP routine,
    used for processing incoming IPP requests for the CUPS scheduler. An
    attacker could use this flaw to send specially crafted IPP requests
    that would crash the cupsd daemon. (CVE-2009-0949)
    
    A use-after-free flaw was found in the CUPS scheduler directory
    services routine, used to process data about available printers and
    printer classes. An attacker could use this flaw to cause a denial of
    service (cupsd daemon stop or crash). (CVE-2009-1196)
    
    Multiple integer overflows flaws, leading to heap-based buffer
    overflows, were found in the CUPS 'pdftops' filter. An attacker could
    create a malicious PDF file that would cause 'pdftops' to crash or,
    potentially, execute arbitrary code as the 'lp' user if the file was
    printed. (CVE-2009-0791)
    
    Red Hat would like to thank Anibal Sacco from Core Security
    Technologies for reporting the CVE-2009-0949 flaw, and Swen van
    Brussel for reporting the CVE-2009-1196 flaw.
    
    Users of cups are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    this update, the cupsd daemon will be restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-0949"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-1196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1083"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected cups, cups-devel and / or cups-libs packages."
      );
      # NOTE(review): this base vector (AC:M with C:P/I:P/A:P) is broader than an
      # availability-only denial of service. Presumably it is scored for the most
      # severe of the three bundled CVEs (the 'pdftops' overflow that the
      # description says may allow code execution) rather than for the IPP crash
      # alone - confirm before using it to rank CVE-2009-0949.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: functional exploit (E:F), official fix available
      # (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      # CWE-189 "Numeric Errors" and CWE-399 "Resource Management Errors".
      script_cwe_id(189, 399);
    
      # "local": the verdict is computed from data collected on the host (the
      # rpm listing required below), not from probing the CUPS service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Categorised as information gathering.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # Knowledge-base items required before the plugin runs; presumably they are
      # populated by ssh_get_info.nasl - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Host gating. Each guard hands control to audit() with a reason code when
    # its precondition fails; the code that follows assumes the guard passed.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Extract the numeric release from the release string, then accept only
    # major versions 3 and 4 (the character after the digit must be a non-digit
    # or end of string, so a two-digit version starting with 3 or 4 is rejected).
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: x86_64, i386-i686 and s390 variants are evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two evaluation paths. When the host supplied yum updateinfo data, the
    # verdict comes from that data alone: an empty report for this RHSA audits
    # out as not affected, and the rpm_check() comparisons in the else branch
    # are never run.
    # NOTE(review): that path is only as accurate as the yum metadata collected
    # from the host; worth confirming when a host unexpectedly audits clean.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:1083";
      # redhat_generate_yum_updateinfo_report() is defined in an include (not
      # shown); presumably it returns report text when the advisory is pending.
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Fallback: compare the collected rpm list with the package versions
      # carried in the advisory. rpm_check() lives in rpm.inc (not shown);
      # presumably it returns true when the installed package is older than the
      # reference - confirm. Every comparison is evaluated.
      # NOTE(review): the verdict reflects the rpm database only; nothing here
      # inspects the running cupsd process.
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"cups-1.1.17-13.3.62")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"cups-devel-1.1.17-13.3.62")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"cups-libs-1.1.17-13.3.62")) flag++;
    
    
      if (rpm_check(release:"RHEL4", reference:"cups-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"cups-devel-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"cups-libs-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    
    
      # At least one hit: report a warning-level finding on port 0, with the rpm
      # report followed by the text from redhat_report_package_caveat() (defined
      # in an include, not shown).
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # No hit: separate "tested and not affected" from "none of these
        # packages were found".
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
      }
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2009-1083.NASL
    description: From Red Hat Security Advisory 2009:1083 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67868
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67868
    title: Oracle Linux 3 / 4 : cups (ELSA-2009-1083)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:1083 and 
    # Oracle Linux Security Advisory ELSA-2009-1083 respectively.
    #
    
    include("compat.inc");
    
    # Plugin registration. When `description` is set, only the metadata below is
    # declared and the block ends in exit(0), so none of the host checks further
    # down run in that mode.
    if (description)
    {
      script_id(67868);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      # This advisory bundles three CVEs; a finding from this plugin does not by
      # itself say which of them applies to the host.
      script_cve_id("CVE-2009-0791", "CVE-2009-0949", "CVE-2009-1196");
      script_bugtraq_id(35169);
      script_xref(name:"RHSA", value:"2009:1083");
    
      script_name(english:"Oracle Linux 3 / 4 : cups (ELSA-2009-1083)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:1083 :
    
    Updated cups packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 3 and 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Common UNIX(r) Printing System (CUPS) provides a portable printing
    layer for UNIX operating systems. The Internet Printing Protocol (IPP)
    allows users to print and manage printing-related tasks over a
    network. The CUPS 'pdftops' filter converts Portable Document Format
    (PDF) files to PostScript. 'pdftops' is based on Xpdf and the CUPS
    imaging library.
    
    A NULL pointer dereference flaw was found in the CUPS IPP routine,
    used for processing incoming IPP requests for the CUPS scheduler. An
    attacker could use this flaw to send specially crafted IPP requests
    that would crash the cupsd daemon. (CVE-2009-0949)
    
    A use-after-free flaw was found in the CUPS scheduler directory
    services routine, used to process data about available printers and
    printer classes. An attacker could use this flaw to cause a denial of
    service (cupsd daemon stop or crash). (CVE-2009-1196)
    
    Multiple integer overflows flaws, leading to heap-based buffer
    overflows, were found in the CUPS 'pdftops' filter. An attacker could
    create a malicious PDF file that would cause 'pdftops' to crash or,
    potentially, execute arbitrary code as the 'lp' user if the file was
    printed. (CVE-2009-0791)
    
    Red Hat would like to thank Anibal Sacco from Core Security
    Technologies for reporting the CVE-2009-0949 flaw, and Swen van
    Brussel for reporting the CVE-2009-1196 flaw.
    
    Users of cups are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    this update, the cupsd daemon will be restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-June/001024.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-June/001025.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      # NOTE(review): this base vector (AC:M with C:P/I:P/A:P) is broader than an
      # availability-only denial of service. Presumably it is scored for the most
      # severe of the three bundled CVEs (the 'pdftops' overflow that the
      # description says may allow code execution) rather than for the IPP crash
      # alone - confirm before using it to rank CVE-2009-0949.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: functional exploit (E:F), official fix available
      # (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      # CWE-189 "Numeric Errors" and CWE-399 "Resource Management Errors".
      script_cwe_id(189, 399);
    
      # "local": the verdict is computed from data collected on the host (the
      # rpm listing required below), not from probing the CUPS service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Categorised as information gathering.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # Knowledge-base items required before the plugin runs; presumably they are
      # populated by ssh_get_info.nasl - confirm. "Host/cpu" is not listed here;
      # the check section reads it and audits out when it is missing.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host gating. Each guard hands control to audit() with a reason code when
    # its precondition fails; the code that follows assumes the guard passed.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    # The release string is read from the Red Hat KB key and must name Oracle
    # Linux Server or Oracle Enterprise Linux.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    # Accept only major versions 3 and 4.
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: x86_64, ia64 and i386-i686 hosts are evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    # Compare the collected rpm list with the package versions carried in the
    # advisory. rpm_check() lives in rpm.inc (not shown); presumably it returns
    # true when the installed package is older than the reference - confirm.
    # The EL3 comparisons are pinned to i386 and x86_64 through the cpu
    # argument; the EL4 comparisons pass no cpu.
    # NOTE(review): ia64 passes the gate above but has no EL3 entry here; how
    # rpm_check() treats a non-matching cpu is not visible - confirm.
    # NOTE(review): the verdict reflects the rpm database only; nothing here
    # inspects the running cupsd process.
    flag = 0;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-devel-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-devel-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-libs-1.1.17-13.3.62")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-libs-1.1.17-13.3.62")) flag++;
    
    if (rpm_check(release:"EL4", reference:"cups-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    if (rpm_check(release:"EL4", reference:"cups-devel-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    if (rpm_check(release:"EL4", reference:"cups-libs-1.1.22-0.rc1.9.32.el4_8.3")) flag++;
    
    
    # At least one hit: raise a warning on port 0. The rpm report text is
    # attached only when report_verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # No hit: separate "tested and not affected" from "none of these packages
      # were found".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2009-1082.NASL
    description: From Red Hat Security Advisory 2009:1082 : Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting this issue. Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67867
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67867
    title: Oracle Linux 5 : cups (ELSA-2009-1082)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:1082 and 
    # Oracle Linux Security Advisory ELSA-2009-1082 respectively.
    #
    
    include("compat.inc");
    
    # Plugin registration. When `description` is set, only the metadata below is
    # declared and the block ends in exit(0), so nothing after it runs in that
    # mode.
    if (description)
    {
      script_id(67867);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      # Identifiers this plugin reports against: one CVE, one Bugtraq id, one RHSA.
      script_cve_id("CVE-2009-0949");
      script_bugtraq_id(35169);
      script_xref(name:"RHSA", value:"2009:1082");
    
      script_name(english:"Oracle Linux 5 : cups (ELSA-2009-1082)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:1082 :
    
    Updated cups packages that fix one security issue are now available
    for Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Common UNIX(r) Printing System (CUPS) provides a portable printing
    layer for UNIX operating systems. The Internet Printing Protocol (IPP)
    allows users to print and manage printing-related tasks over a
    network.
    
    A NULL pointer dereference flaw was found in the CUPS IPP routine,
    used for processing incoming IPP requests for the CUPS scheduler. An
    attacker could use this flaw to send specially crafted IPP requests
    that would crash the cupsd daemon. (CVE-2009-0949)
    
    Red Hat would like to thank Anibal Sacco from Core Security
    Technologies for reporting this issue.
    
    Users of cups are advised to upgrade to these updated packages, which
    contain a backported patch to correct this issue. After installing
    this update, the cupsd daemon will be restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-June/001023.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      # CVSS v2 base vector: network reachable, low complexity, no authentication,
      # availability impact only (A:P) - consistent with the daemon crash
      # described above.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      # CVSS v2 temporal vector: functional exploit (E:F), official fix available
      # (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      # CWE-399 is the broad "Resource Management Errors" category.
      script_cwe_id(399);
    
      # "local": the verdict is computed from data collected on the host (the
      # rpm listing required below), not from probing the CUPS service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-lpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Categorised as information gathering.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # Knowledge-base items required before the plugin runs; presumably they are
      # populated by ssh_get_info.nasl - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Check body: confirm the host is Oracle Linux 5 on a supported CPU, then
    # compare the installed cups packages with the fixed build.
    # NOTE(review): audit() comes from audit.inc (not shown) and is assumed to
    # stop the script with the given reason - confirm.
    #
    # Scope: this is a version comparison against the collected rpm list only.
    # It does not observe the running cupsd, so it cannot tell whether the
    # daemon was restarted on the patched binary or whether the service is
    # reachable from the network.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    # The release string is stored under the RedHat KB namespace; it must name
    # an Oracle distribution ("Oracle Linux Server" or "Oracle Enterprise Linux").
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    # Capture group 1 is the release number: major with an optional ".minor".
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    # Accept major version 5 only: the character after "5" must be a non-digit
    # or the end of the string, so "5.3" passes and "50" does not.
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    # Without a package list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Supported architectures: x86_64, ia64 and i386-i686 (">!<" is the NASL
    # "does not contain" operator). Any other CPU is audited out rather than
    # reported as clean.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    # One comparison per binary package, all against build 1.3.7-8.el5_3.6.
    # NOTE(review): rpm_check() is defined in rpm.inc (not shown); presumably a
    # true result means the installed package is older than the reference -
    # confirm.
    flag = 0;
    if (rpm_check(release:"EL5", reference:"cups-1.3.7-8.el5_3.6")) flag++;
    if (rpm_check(release:"EL5", reference:"cups-devel-1.3.7-8.el5_3.6")) flag++;
    if (rpm_check(release:"EL5", reference:"cups-libs-1.3.7-8.el5_3.6")) flag++;
    if (rpm_check(release:"EL5", reference:"cups-lpd-1.3.7-8.el5_3.6")) flag++;
    
    
    if (flag)
    {
      # At least one package was flagged: report at warning severity on port 0.
      # The per-package detail from rpm_report_get() is attached only when
      # report_verbosity is above 0.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "tested packages are not affected" from
      # "no cups package was installed to test".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs / cups-lpd");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1082.NASL
    descriptionUpdated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting this issue. Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id43754
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43754
    titleCentOS 5 : cups (CESA-2009:1082)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1082 and 
    # CentOS Errata and Security Advisory 2009:1082 respectively.
    #
    
    include("compat.inc");
    
    # Registration pass: when the scanner loads the plugin with `description`
    # set, only the metadata below is declared and the exit(0) at the end of
    # this block returns before any host check runs.
    if (description)
    {
      script_id(43754);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      # Cross-references: the CVE, the Bugtraq entry and the Red Hat advisory
      # that the CentOS erratum (CESA-2009:1082) mirrors.
      script_cve_id("CVE-2009-0949");
      script_bugtraq_id(35169);
      script_xref(name:"RHSA", value:"2009:1082");
    
      script_name(english:"CentOS 5 : cups (CESA-2009:1082)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      # The text below is the Red Hat advisory wording (the file header says it
      # was extracted from RHSA-2009:1082), which is why it names Red Hat
      # Enterprise Linux 5 rather than CentOS.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cups packages that fix one security issue are now available
    for Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Common UNIX(r) Printing System (CUPS) provides a portable printing
    layer for UNIX operating systems. The Internet Printing Protocol (IPP)
    allows users to print and manage printing-related tasks over a
    network.
    
    A NULL pointer dereference flaw was found in the CUPS IPP routine,
    used for processing incoming IPP requests for the CUPS scheduler. An
    attacker could use this flaw to send specially crafted IPP requests
    that would crash the cupsd daemon. (CVE-2009-0949)
    
    Red Hat would like to thank Anibal Sacco from Core Security
    Technologies for reporting this issue.
    
    Users of cups are advised to upgrade to these updated packages, which
    contain a backported patch to correct this issue. After installing
    this update, the cupsd daemon will be restarted automatically."
      );
      # The two see_also values are nessus.org short links served over plain
      # http; the comment above each one gives the https list-archive URL it
      # stands for.
      # https://lists.centos.org/pipermail/centos-announce/2009-June/015963.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?57d0119a"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-June/015964.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b466fe36"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      # CVSS v2 base vector: network-reachable (AV:N), low complexity (AC:L),
      # no authentication (Au:N), availability impact only (A:P) - a remote
      # denial of service, consistent with the cupsd crash described above.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      # Temporal vector: functional exploit (E:F), official fix (RL:OF),
      # confirmed report (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      # Exploit-availability metadata for reporting; it is declared here only
      # and does not alter what the package check tests.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      # CWE-399 is the broad "Resource Management Errors" category.
      # NOTE(review): current CVE records classify this flaw as CWE-908 (use of
      # uninitialized resource) - confirm which mapping reporting relies on.
      script_cwe_id(399);
    
      # "local" plugin: the finding comes from the host's own package
      # inventory (see the required rpm-list key below), not from probing the
      # CUPS network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Packages and platform covered by this plugin.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-lpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      # The plugin was published in 2010/01, roughly seven months after the
      # patch date recorded here, so it could not flag hosts before then.
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/06/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      # ssh_get_info.nasl is declared as a prerequisite. NOTE(review):
      # presumably it fills the Host/* knowledge-base entries listed below
      # from an authenticated login - confirm.
      script_dependencies("ssh_get_info.nasl");
      # Knowledge-base entries this plugin requires; the check body reads the
      # same keys again and audits out if any is missing.
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Check body: confirm the host is CentOS 5 on a supported CPU, then compare
    # the installed cups packages with the fixed build.
    # NOTE(review): audit() comes from audit.inc (not shown) and is assumed to
    # stop the script with the given reason - confirm.
    #
    # Scope: this is a version comparison against the collected rpm list only.
    # It does not observe the running cupsd, so it cannot tell whether the
    # daemon was restarted on the patched binary or whether the service is
    # reachable from the network.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # ">!<" is the NASL "does not contain" operator: the release string must
    # mention CentOS.
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    # Capture group 1 is the major release number only.
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    # Accept major version 5 only: the character after "5" must be a non-digit
    # or the end of the string, so "50" is rejected.
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    # Without a package list there is nothing to compare against.
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Supported architectures: x86_64 and i386-i686. Any other CPU is audited
    # out rather than reported as clean.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    # One comparison per binary package, all against build 1.3.7-8.el5_3.6.
    # NOTE(review): rpm_check() is defined in rpm.inc (not shown); presumably a
    # true result means the installed package is older than the reference -
    # confirm.
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"cups-1.3.7-8.el5_3.6")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"cups-devel-1.3.7-8.el5_3.6")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"cups-libs-1.3.7-8.el5_3.6")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"cups-lpd-1.3.7-8.el5_3.6")) flag++;
    
    
    if (flag)
    {
      # At least one package was flagged: report at warning severity on port 0
      # and attach the per-package detail from rpm_report_get().
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "tested packages are not affected" from
      # "no cups package was installed to test".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs / cups-lpd");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-282.NASL
    descriptionMultiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147) Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. (CVE-2009-0163) Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to g*allocn. (CVE-2009-0165) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. (CVE-2009-0166) Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments (CVE-2009-0195). Multiple integer overflows in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. 
(CVE-2009-0791) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. (CVE-2009-0799) Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-0800) The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. (CVE-2009-0949) Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-1179) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. (CVE-2009-1180) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. (CVE-2009-1181) Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-1182) The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. 
(CVE-2009-1183) Two integer overflow flaws were found in the CUPS pdftops filter. An attacker could create a malicious PDF file that would cause pdftops to crash or, potentially, execute arbitrary code as the lp user if the file was printed. (CVE-2009-3608, CVE-2009-3609) This update corrects the problems. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen2020-06-01
    modified2020-06-02
    plugin id42181
    published2009-10-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42181
    titleMandriva Linux Security Advisory : cups (MDVSA-2009:282-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12434.NASL
    descriptionThe following bugs have been fixed : - The
    last seen2020-06-01
    modified2020-06-02
    plugin id41304
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41304
    titleSuSE9 Security Update : CUPS (YOU Patch Number 12434)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1811.NASL
    descriptionAnibal Sacco discovered that cups, a general printing system for UNIX systems, suffers from NULL pointer dereference because of its handling of two consecutive IPP packets with certain tag attributes that are treated as IPP_TAG_UNSUPPORTED tags. This allows unauthenticated attackers to perform denial of service attacks by crashing the cups daemon.
    last seen2020-06-01
    modified2020-06-02
    plugin id38992
    published2009-06-03
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38992
    titleDebian DSA-1811-1 : cups, cupsys - null ptr dereference
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1082.NASL
    descriptionUpdated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting this issue. Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id39306
    published2009-06-04
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39306
    titleRHEL 5 : cups (RHSA-2009:1082)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CUPS-6285.NASL
    descriptionThe
    last seen2020-06-01
    modified2020-06-02
    plugin id39389
    published2009-06-15
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39389
    titleopenSUSE 10 Security Update : cups (cups-6285)

Oval

accepted2013-04-29T04:20:51.784-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionThe ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
familyunix
idoval:org.mitre.oval:def:9631
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
version27

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/78040/CORE-2009-0420.txt
idPACKETSTORM:78040
last seen2016-12-05
published2009-06-03
reporterCore Security Technologies
sourcehttps://packetstormsecurity.com/files/78040/Core-Security-Technologies-Advisory-2009.0420.html
titleCore Security Technologies Advisory 2009.0420

Redhat

advisories
  • bugzilla
    id500972
    titleCVE-2009-0949 cups: IPP_TAG_UNSUPPORTED handling NULL pointer dereference DoS
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentcups-devel is earlier than 1:1.3.7-8.el5_3.6
            ovaloval:com.redhat.rhsa:tst:20091082001
          • commentcups-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123011
        • AND
          • commentcups is earlier than 1:1.3.7-8.el5_3.6
            ovaloval:com.redhat.rhsa:tst:20091082003
          • commentcups is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123009
        • AND
          • commentcups-libs is earlier than 1:1.3.7-8.el5_3.6
            ovaloval:com.redhat.rhsa:tst:20091082005
          • commentcups-libs is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123013
        • AND
          • commentcups-lpd is earlier than 1:1.3.7-8.el5_3.6
            ovaloval:com.redhat.rhsa:tst:20091082007
          • commentcups-lpd is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123015
    rhsa
    idRHSA-2009:1082
    released2009-06-03
    severityImportant
    titleRHSA-2009:1082: cups security update (Important)
  • rhsa
    idRHSA-2009:1083
rpms
  • cups-1:1.3.7-8.el5_3.6
  • cups-debuginfo-1:1.3.7-8.el5_3.6
  • cups-devel-1:1.3.7-8.el5_3.6
  • cups-libs-1:1.3.7-8.el5_3.6
  • cups-lpd-1:1.3.7-8.el5_3.6
  • cups-1:1.1.17-13.3.62
  • cups-1:1.1.22-0.rc1.9.32.el4_8.3
  • cups-debuginfo-1:1.1.17-13.3.62
  • cups-debuginfo-1:1.1.22-0.rc1.9.32.el4_8.3
  • cups-devel-1:1.1.17-13.3.62
  • cups-devel-1:1.1.22-0.rc1.9.32.el4_8.3
  • cups-libs-1:1.1.17-13.3.62
  • cups-libs-1:1.1.22-0.rc1.9.32.el4_8.3

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 35169 CVE(CAN) ID: CVE-2009-0949 Common Unix Printing System(CUPS)是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。 在处理包含有两个IPP_TAG_UNSUPPORTED标签的特制IPP时,CUPS的cups/ipp.c文件中的ippReadIO()函数没有正确地初始化ipp结构,这可能导致受影响的应用崩溃。 cups/ipp.c文件中的ippReadIO()函数负责初始化表示当前IPP请求中不同标签的ipp结构:
/-----------
1016 ipp_state_t /* O - Current state */
1017 ippReadIO(void *src, /* I - Data source */
1018 ipp_iocb_t cb, /* I - Read callback function */
1019 int blocking, /* I - Use blocking IO? */
1020 ipp_t *parent, /* I - Parent request, if any */
1021 ipp_t *ipp) /* I - IPP data */
1022 {
1023 int n; /* Length of data */
1024 unsigned char buffer[IPP_MAX_LENGTH + 1],
1025 /* Data buffer */
1026 string[IPP_MAX_NAME],
1027 /* Small string buffer */
1028 *bufptr; /* Pointer into buffer */
1029 ipp_attribute_t *attr; /* Current attribute */
1030 ipp_tag_t tag; /* Current tag */
1031 ipp_tag_t value_tag; /* Current value tag */
1032 ipp_value_t *value; /* Current value */
1035 DEBUG_printf(("ippReadIO(%p, %p, %d, %p, %p)\n", src, cb, blocking,
1036 parent, ipp));
1037 DEBUG_printf(("ippReadIO: ipp->state=%d\n", ipp->state));
1039 if (src == NULL || ipp == NULL)
1040 return (IPP_ERROR);
1041
1042 switch (ipp->state)
1043 {
1044 case IPP_IDLE :
1045 ipp->state ++; /* Avoid common problem... */
1046
1047 case IPP_HEADER :
1048 if (parent == NULL)
- -----------/
在上面的代码中,通过几个不同的标签属性对报文进行计数。如果所发送的IPP报文标签属性低于0x10,CUPS就会认为是IPP_TAG_UNSUPPORTED标签:
/-----------
else if (tag < IPP_TAG_UNSUPPORTED_VALUE)
{
  /*
   * Group tag... Set the current group and continue...
   */
  if (ipp->curtag == tag)
    ipp->prev = ippAddSeparator(ipp);
  else if (ipp->current)
    ipp->prev = ipp->current;
  ipp->curtag = tag;
  ipp->current = NULL;
  DEBUG_printf(("ippReadIO: group tag = %x, ipp->prev=%p\n", tag, ipp->prev));
  continue;
}
- -----------/
由于CUPS处理这类标签的方式,如果报文中包含有两个连续的IPP_TAG_UNSUPPORTED,就会将IPP结构的最后一个节点初始化为NULL,这会在cupsdProcessIPPRequest函数试图读取attr结构的name字段时导致崩溃。
/-----------
/*
 * 'cupsdProcessIPPRequest()' - Process an incoming IPP request.
 */
int /* O - 1 on success, 0 on failure */
cupsdProcessIPPRequest( cupsd_client_t *con) /* I - Client connection */
...
if (!attr)
{
  /*
   * Then make sure that the first three attributes are:
   *
   * attributes-charset
   * attributes-natural-language
   * printer-uri/job-uri
   */
  attr = con->request->attrs;
  if (attr && !strcmp(attr->name, "attributes-charset") && (attr->value_tag & IPP_TAG_MASK) == IPP_TAG_CHARSET)
    charset = attr;
  else
    charset = NULL;
...
- -----------/
Easy Software Products CUPS < 1.3.10 厂商补丁: Easy Software Products ---------------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.cups.org
idSSV:11523
last seen2017-11-19
modified2009-06-04
published2009-06-04
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-11523
titleCUPS cups/ipp.c空指针引用拒绝服务漏洞

References